The OS X vulnerability exploited by hackers is not a flaw in OS X after all, nor is it limited to Apple’s Safari browser as was originally reported. Instead Quicktime is the blame for the vulnerability and the exploit is made possible by a flaw in way Quicktime interacts with Java.

Because Quicktime and Java are also found on many Windows machines, the vulnerability most likely affects Windows users as well — though that has yet to be officially confirmed.

Apple has not addressed the issue publicly yet beyond the usual PR-speak. An Apple rep told CNet earlier in the week that, “Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users.”

Unfortunately, in this case, Apple hasn’t addressed the issue before it can affect users. Sencunia, a security analyst firm, has rated the flaw as highly critical and suggests that users disable Java support until Apple issues a patch.

While many OS X users have taken the revised information as proof that Mac OS X is more secure, in fact, just because the hackers at the conference were unable to find a true flaw in OS X within the timeframe of the contest, does not mean there aren’t flaws to be found.

Here’s The Thing With Ad Blockers

We get it: Ads aren’t what you’re here for. But ads help us keep the lights on. So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism. We’d really appreciate it.